Professional Documents
Culture Documents
1. “Personal Data” means personal information and sensitive personal information as these terms are defined
in Republic Act No. 10173 or the Data Privacy Act of 2012, as this law may be amended from time to time
(DPA) which are transferred or provided, or to which the DISCLOSING PARTY gives RECIPIENT
PARTY access, to the RECIPIENT PARTY, or which the RECIPIENT PARTY otherwise obtains in
connection with the Agreement. The Personal Data to be shared by DISCLOSING PARTY (through
physical/electronic means) are as follows:
Type of Parties
Personal Granted Estimated Frequency
S/N Personal Data Objective
Data /s Access and Volume of Access
1
Julie Dian R. Caminong
27
Single
College Graduate
Working
Experience
Photo To assess the
Languages qualifications
SPI spoken of the
2.
Religion candidates
Health Data for a certain
Educational data position
(CV’s/Resume’s; Work
history; Educational
history;
Academic
2
transcripts;
Trainings attended)
Driver’s license
Profession
license
information
Other information
associated with a
resume for job
applications
JSPH DPO
DISCLOSING PARTY: 2022-04-28 11:27:02
DATA SUBJECT: --------------------------------------------
JSPH DPO
Partner's Complete
2022-04-28 11:13:53 Company Name or Alias
Type of Parties Note: This portion is OPTIONAL. If the Partner
--------------------------------------------
Personal Granted believes
Put Estimatedemployee’s
thethat their
Partner's data subjectdata
Frequency nameare(i.e.
being
Contact
S/N Personal Data Objective/s processed due to this subscription/partnership,
Person)
Data Acess and Volume of Access
this may be filled in. Otherwise, put N/A.
Name To coordinate JSPH DPO
2022-04-28 11:16:12
Address with the JSPH on Frequency:
JSPH DPO
--------------------------------------------
1. PI Email Address managing the 2022-04-28 11:15:46
No, of user access and how often it will be accessed
Telephone No. subscription Access: users
--------------------------------------------
per certain period of time (e.g., per day, per
Put the user/s
month, etc.) who will access the data. If too
many, position title/team name will suffice. (e.g.,
K/AM, CC, O2C, etc.)
2. “Data Privacy Laws” means the DPA, its implementing rules and regulations, and relevant issuances of the
National Privacy Commission, as well as any other privacy laws applicable to the RECIPIENT PARTY.
3. “Data Subject” shall have the same meaning as set forth in the Implementing Rules and Regulations of the
DPA, as may be amended and supplemented from time to time.
a. insofar as Personal Data collected, or in any manner obtained, by DISCLOSING PARTY may be
transferred to, shared with, or in any manner may be received by, RECIPIENT PARTY pursuant
to this Agreement, appropriate and valid consents from the relevant Data Subjects, whenever
necessary as provided for under the Data Privacy Laws, have been or will be obtained by
DISCLOSING PARTY;
c. it has or will provide the following information to the Data Subject before the Personal Data is
shared with RECIPIENT PARTY:
3
ii.Purpose of data sharing;
iii.Categories of personal data concerned;
iv. Intended recipients or categories of recipients of their personal data;
v. Existence of the rights of data subjects, including the right to access and
correction, and the right to object;
vi. Other information that would sufficiently notify the data subject of the nature and
extent of data sharing and the manner of processing.
II. Representations and Warranties and undertakings of RECIPIENT PARTY in respect of Data Privacy
Laws.
RECIPIENT PARTY represents and warrants that it is compliant with Data Privacy Laws, and has adequate
safeguards for data privacy and security of the Personal Data, and
a. It shall keep Personal Data confidential, and shall not disclose, publish, release, transfer or
otherwise make available, directly or indirectly, this data, in any form to, or for the use or benefit
of, any person or entity, without obtaining DISCLOSING PARTY’s written consent. RECIPIENT
PARTY shall, however, be permitted to disclose relevant aspects of Personal Information to its
officers, directors, employees, and representatives, to the extent that such disclosure is not restricted
by this Agreement, or any applicable law, and only to the extent that such disclosure is reasonably
necessary for the performance of the Services, and RECIPIENT PARTY’s duties and obligations
under this Agreement; provided, however:
i. RECIPIENT PARTY shall be responsible for ensuring that such officers, directors,
employees, and representatives abide by the provisions of this Agreement on
confidentiality and data protection;
RECIPIENT PARTY shall be responsible for any breach of confidentiality or privacy, or of any of
the terms in this schedule and/or Agreement, arising from the acts or omissions of RECIPIENT
PARTY’s officers, directors, employees, consultants, representatives and agents, and any third
party to which RECIPIENT PARTY may disclose or outsource Personal Data.
d. It shall uphold the rights of the Data Subjects as required by Data Privacy Laws. The processing it
will undertake shall adhere to the data privacy principles laid down in Data Privacy Laws. Hence,
upon request of DISCLOSING PARTY, it shall assist DISCLOSING PARTY in responding to
requests by data subjects whose Personal Data is being processed, or that had been processed, by
RECIPIENT PARTY, such data subjects are exercising their rights under Data Privacy Laws and
assist DISCLOSING PARTY to comply with Data Privacy Laws.
e. Upon knowledge of or upon reasonable belief that a Personal Data Breach or a Security
4
Incident relating to or affecting Personal Data has occurred, RECIPIENT PARTY shall notify
DISCLOSING PARTY of such matter, within a timely manner in order to allow the
DISCLOSING PARTY to comply with applicable notification requirements under Data Privacy
Laws. Notice to the DISCLOSING PARTY must be in writing and should setting out all the
information that would be necessary for or relevant to the DISCLOSING PARTY’s notification
obligations under Data Privacy Laws. The RECIPIENT PARTY shall give timely and sufficient
access to its records and personnel to the DISCLOSING PARTY and its advisers, preserve the
relevant records and information, and otherwise exert best efforts to assist the DISCLOSING
PARTY to comply with its obligations in relation to Data Privacy Laws on Personal Data
Breaches and Security Incident.
f. RECIPIENT PARTY shall correct, delete or block access to Personal Data promptly upon request
by DISCLOSING PARTY to ensure that the Personal Data is correct and accurate.
g. It shall allow DISCLOSING PARTY to audit the RECIPIENT PARTY’s compliance with its
undertakings under the Services Agreement and obligations under Data Privacy Laws, as well as
assist DISCLOSING PARTY in conducting or responding to audits of DISCLOSING PARTY’s
own compliance with Data Privacy Laws. In this regard, RECIPIENT PARTY shall cooperate with
DISCLOSING PARTY and its representatives by providing information and allowing inspections
of its systems, as may be necessary. In the conduct of such audit, RECIPIENT PARTY shall
provide to DISCLOSING PARTY and to DISCLOSING PARTY’s internal and external auditors
and other such representatives as DISCLOSING PARTY may reasonably designate from to time
access during normal business hours and after prior notice for the purpose of performing audits
and inspections of DISCLOSING PARTY, to verify the integrity of Personal Data, to examine the
systems that process, store, support and transmit such data, and to examine RECIPIENT PARTY’s
performance of the Services and compliance with its undertakings and obligations under the Data
Privacy Laws. RECIPIENT PARTY shall further provide all reasonable cooperation to
DISCLOSING PARTY’s auditors, inspectors, regulators and representatives.
Each Party, which causes a breach of this Agreement, whether wilfully or through its gross negligence,
agrees to indemnify, hold harmless and defend the other Party, and its employees, officers, directors,
agents, successors and assigns from and against damages, penalties, losses, liabilities, judgments,
settlements, awards, and costs and expenses of any kind or nature, including reasonable attorneys' fees,
suffered or incurred in connection with any claims, demands, causes of action, suits, proceedings or other
actions, arising from such wilful breach or gross negligence.
Unless extended by mutual written consent of both Parties hereto, this Agreement shall expire in five (5)
years from the date hereof and shall be in effect while the RECIPIENT PARTY has access to the Personal
Data shared by the DISCLOSING PARTY. The RECIPIENT PARTY shall promptly inform the
DISCLOSING PARTY in case of any changes in the parties to be granted access, and this Agreement shall
then be reviewed to take into account the sufficiency of the safeguards implemented for data protection and
any data breach or security incident that may have occurred affecting the shared data.
Personal Data should only be processed for as long as is necessary. Processing of Personal Data should be
limited accordingly and for a period no longer than the term of this Agreement. Specific justification for
processing of Personal Data beyond said period is required.
5
VI. Return or Destruction of Personal Data
Upon completion of the purpose, expiration or termination of the Contract or this Agreement, or upon
request of DISCLOSING PARTY, whichever is applicable, RECIPIENT PARTY shall perform the
following within thirty (30) days from the date of project completion, expiration or termination:
a. Return all Personal Data of Data Subjects in any recorded form including any other property,
information, and documents provided by the DISCLOSING PARTY;
b. Destroy all copies it made of Personal Data and any other property, information and documents. For
print out or other tangible formats, the document will be shredded. For data in electronic form, the
document must be deleted, wiped, overwritten or otherwise make it irretrievable; and
c. Deliver to DISCLOSING PARTY a certificate (using the template provided) confirming RECIPIENT
PARTY’s compliance with the return or destruction obligation under this section.
This Agreement shall be governed by and construed in accordance with the laws of the Philippines, without
regard to any conflicts of law rules. Exclusive jurisdiction over and venue of any suit arising out of or
relating to this Agreement shall be in the courts of Metro Manila, Philippines. The Parties hereby consent
and submit to the exclusive jurisdiction and venue of those courts.
This Agreement may be executed electronically or by way of electronic signature and such electronic
signatures shall be deemed original signatures, have the same force and effect as manual signatures and
binding upon the Parties. If this Agreement shall be executed electronically, the best evidence of this
Agreement shall be a copy of this Agreement bearing an electronic signature, in portable document format
(.pdf) form, or in any other electronic format intended to preserve the original graphic and pictorial
appearance of a document.
IN WITNESS WHEREOF, the Parties have hereunto affixed their signatures on the date and at the place
written above.
6
Signed in the Presence of: